🤖 AI Summary
This study addresses the heightened security risks faced by electric vehicle (EV) charging infrastructure upon integration into smart grids, particularly the threat of cross-domain cyber-physical attacks that existing intrusion detection systems inadequately cover. To counter this challenge, the authors propose a novel two-tier collaborative hybrid intrusion detection system that synergistically integrates network-based (NIDS) and host-based (HIDS) approaches. This framework achieves, for the first time in EV charging scenarios, deep fusion of dual-source data to effectively detect sophisticated composite attacks spanning both cyber and physical layers. Experimental evaluation on the CICEVSE2024 dataset demonstrates that the NIDS component attains a 99.99% accuracy in identifying network-level attacks, while the HIDS component achieves an 83.47% accuracy in detecting false data injection attacks (FDIA), cryptojacking, backdoors, and most denial-of-service (DoS) and reconnaissance attacks—significantly outperforming standalone detection methods.
📝 Abstract
The integration of Electric Vehicle Charging Stations (EVCSs) into the smart grid necessitates sophisticated digital infrastructure for their management and coordination, which expands the attack surface and makes both the power grid and EVCSs vulnerable to cyberattacks. This research addresses critical gaps in existing EVCS Intrusion Detection Systems (IDS) by proposing a hybrid IDS that integrates attack detection on both the cyber and physical layer of the EVCS ecosystem. The proposed hybrid IDS utilizes a dual-layer integration method, which combines network-based IDS (NIDS) and host-based IDS (HIDS). This approach facilitates for comprehensive monitoring of both network traffic through the NIDS and host-level activities via the HIDS, effectively addressing the unique challenges posed by the interconnected nature of EVCS ecosystems. Utilizing the recent CICEVSE2024 dataset, the IDS presented in this work performs multiclass classification across various attack types, including False Data Injection Attacks (FDIAs), reconnaissance, denial of service, backdoor, and cryptojacking attacks. Experimental results demonstrate that our approach achieves excellent detection accuracy, with the NIDS component reaching 99.99\% accuracy for network-based attacks and the HIDS component achieving 83.47\% accuracy on FDIA, cryptojacking, backdoor, all DoS, all Recon except Slowloris Scan attacks. This dual-layer detection significantly outperforms single-source detection approaches previously presented in literature.